vulnerability
ServiceNow UI Macros: CVE-2024-4879: Improper Validation of Specified Type of Input
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Nov 27, 2024 | Jul 9, 2025 | Jul 9, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Nov 27, 2024
Added
Jul 9, 2025
Modified
Jul 9, 2025
Description
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.
Solution
servicenow-upgrade-latest
References
- CVE-2024-4879
- https://attackerkb.com/topics/CVE-2024-4879
- URL-https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
- URL-https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293
- URL-https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154
- URL-https://nvd.nist.gov/vuln/detail/CVE-2024-4879
- CWE-1287
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.